Secrets Management

Best practices for storing and accessing sensitive credentials. Never hardcode secrets in source code.

Syntax

environments-and-security
// Environment variables, vaults, or secret stores

Example

environments-and-security
// ✗ NEVER do this:
const apiKey = "sk-abc123secretkey";

// ✓ Use environment variables:
const apiKey = process.env.OPENAI_API_KEY;

// ✓ Validate at startup:
if (!process.env.DATABASE_URL) {
  throw new Error("DATABASE_URL environment variable is required");
}

// ✓ Use a vault for production:
// AWS Secrets Manager, HashiCorp Vault, Doppler, 1Password Secrets Automation

// ✓ Rotate secrets regularly and audit access logs